The management console for Symantec Endpoint Protection Manager (SEPM) is susceptible to arbitrary Java command execution if an authorized but unauthenticated user or an unauthorized individual can gain access to the Java port on the SEPM console. The server does not properly handle untrusted external data, which could lead to OS command execution with elevated application privileges. By leveraging that elevated application access, an attacker may be able to manipulate SEPM services to launch arbitrary code with administrator privileges on the host system.